ZA: Hacker reveals e-toll website security flaw

Jan Vermeulen reports that a hacker has reported a vulnerability in the SANRAL website that exposes user information:

This is due to a page on the South African National Roads Agency Limited (Sanral) website which can be exploited to expose the PIN of any registered e-toll website user.

The page is intended to be used as part of a standard two-stage account registration process, the hacker told MyBroadband, where the user would click on a link in an e-mail to confirm their account.

However, the page at the link contains a “serious security problem,” the hacker said. It provides the user’s PIN on the confirmation screen.

Armed with just someone’s e-toll username, anyone could obtain all kinds of sensitive information from the Sanral website.

This includes ID numbers, vehicle license plate numbers, postal addresses, and payment methods.

Read more on BusinessTech (Za).

About the author: Dissent

Comments are closed.